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Art Unit: 2165 

DETAILED ACTION 



Continued Examination Under 37 CFR 1.114 
1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 
CFR 1.17(e), was filed in this apphcation after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 
1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn 
pursuant to 37 CFR 1.114. Applicant's Request for Continued Examination (RCE) 
submission filed on 18-May-2006 has been entered. Accordingly, the "After Final" 
amendment filed on 22-June-2005 has been entered for the continued examination of this 
application. 



Priority 

2. The instant application claims priority to the U.S. Provisional Application S/N 60/173,979, 
filed on 30-December-1999. Accordingly, the fiHng date of the Provisional Patent 
Application (30-December-1999) is considered the effective filing date for the examination 
of the instant application. 



Remarks 

3. In response to commimications filed on 22-June-2005, claim 1 is amended, and new claim 23 
is added per applicant's request. Therefore, claims 1-23 are presently pending in the 
application, of which, claims 1,11 and 23 are presented in independent form. 
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Drawings 

4. The Formal Drawings submitted on 17-november-2003 are objected to as failing to comply 
with 37 CFR 1.84(p)(4) because: 

At least one reference character has been used to designate multiple entities in the 
drawings. For example, reference character "220" has been used to designate both 
PUSHWEB and ABSENT in figure 2. The above is an example of multiple entities having 
been designated by the same reference character. The applicant is requested to review and 
correct all sheets of the drawings as appropriate. 

5. The Formal Drawings submitted on 17-november-2003 are objected to as failing to comply 
with 37 CFR 1.84(p)(5) because they include at least one reference character not mentioned 
in the description. For example: 

Reference character 231 (WEB REQUEST) in figure 2. 
The above are examples of reference characters not mentioned in the descriptions. The 
applicant is requested to review and correct all sheets of drawings as appropriate. 

6. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the 
Office action to avoid abandonment of the application. Any amended replacement drawing 
sheet should include all of the figures appearing on the inmiediate prior version of the sheet, 
even if only one figure is being amended. The figure or figure nimiber of an amended 
drawing should not be labeled as "amended." If a drawing figure is to be canceled, the 
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appropriate figure must be removed fi-om the replacement sheet, and where necessary, the 
remaining figures must be renumbered and appropriate changes made to the brief description 
of the several views of the drawings for consistency. Additional replacement sheets may be 
necessary to show the renumbering of the remaining figures. Each drawing sheet submitted 
after the filing date of an appHcation must be labeled in the top margin as either 
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are not 
accepted by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not be held in 
abeyance. 

Specifications 

7. The specification of the instant application is objected to in view of the objections made 
above to the drawings. The specification must correctly and sufficiently reference every 
element shown on the drawing figures. Wherever there is a discrepancy between an element 
depicted in the drawings and references made to the element in the specification (or lack 
thereof), either the figures of drawings, or the specifications, or both must be corrected to 
overcome the discrepancy. Appropriate corrections to the specifications are required. 

8. The disclosure is fiirther objected to because it contains several embedded hyperlinks and/or 
other forms of browser-executable code (on pages 1 1, 12, 14, 15 and 17). Applicant is 
required to delete the embedded hyperlink and/or other form of browser-executable code. See 
MPEP § 608.01. 
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Claim Objections 
9. Claim 23 is objected to because of the following informalities: 

Claim 23 recites "fire wall" in lines 1 and 4. To be consistent with this recitation in all 
claims, the above recitations need to be changed to -firewall-. 

In line 5, "a said user" needs to be changed to either ~a user--, or -said user-. 



Claim Rejections - 35 USC§112 
10. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 



The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 



11. Claims 1-23 are rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 



Claim 1 (and its dependent claims) and claim 23 recite the limitation "through which said 
proxy can forward requests to said client to said second proxy", which renders the above 
''method' claims indefinite. The limitation ''can forward' implies "configuration" or 
"system ability" (for example, "the first proxy is configured to forward requests"), which is 
acceptable for a "system" or an "apparatus" claim. However, in a "method" claim, 
fimctional limitations need to be definitive. It is not clear fi-om the above claims as to 
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whether or not the limitation of "forwarding" (the requests) is necessarily a required 
functional part of the claims. This rejection can be overcome by amending the independent 
claims to recite the above limitations in a definitive form (e.g., "through which said proxy 
forwards requests to said client to said second proxy".) 
Appropriate correction is required. 

Claim 1 1 (and its dependent claims) recite the limitation, "parsing the resource for 
hyperlinks", which renders the claim indefinite. In the Examiner's interpretations, the 
specification of the instant application 

attempts to equate a "resource" with a "document". However, this equation is not clearly 
stated. The specification states: 

"[w]here the retumed resource contains document hyperlinks" (page 3, lines 47- 
48); and 

"the document is parsed to identify all links on the page" (page 15, line 307.) 

The Examiner interprets the "resource" in the above excerpt of the specification to also 
mean any of a database, a server, a computer, etc., which docmnents (containing hyperlinks) 
can be stored on and/or retrieved from. Therefore, the "resource" recited in claim 1 1 is not 
necessarily limited to a document or a file, containing hyperlinks. 

In view of the description provided in the specification and the Examiner's interpretation 
of the term "resource" in claim 11, although a document can be parsed, the Examiner cannot 
establish how a resource other than a document (a database, a server, or a computer) can be 
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"parsed" for hyperlinks. This rejection can be overcome by amending claim 1 1 to recite a 
definitive equation of a resource being a document. For example, claim 1 1 can be amended 
to recite, "A method of providing a client access to a document resource, stored behind a 
firewall." 

Claim 23 further recites "said client" in line 1 1 . There is insufficient antecedent bases for 
this limitation in the claim. To overcome this rejection, claim 23 needs to be amended to 
recite —said user— instead of "said client". 

Appropriate correction is required. 



Claim Rejections - 35 USC §101 

12. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

13. Claim 1 (and its dependent claims) are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non- statutory subject matter. 

Independent claim 1 produces results that are not considered tangible. Claim 1 is a 
"method" claim comprising the steps of, "receiving" and "sending" connection requests; 
"authenticating" a client; and "establishing a data connection" through which requests can be 
forwarded between a first and a second proxy. The results are not commxinicated to the user 



Application/Control Number: 09/495,799 Page 8 

Art Unit: 2165 

(client). Neither is an indication of any such results stored anywhere in memory. Therefore, 
the results are not tangible. This rejection can be overcome by amending the claim to recite a 
tangible result, for example, "transmitting the results to the user/client", similar to the 
recitations in independent claims 1 1 and 23. 
Appropriate corrections are required. 



Claim Rejections - 35 (JSC §102 
14. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
(e) the invention was described in 

(1) an application for patent, published under section 122(b), by another filed in the United States before the 
invention by the applicant for patent or 

(2) a patent granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 351(a) shall 
have the effects for purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 21(2) of such treaty in the 
English language. 



15. Claims 1-2, 6, 8-10, 14-15, and 17-18 are rejected under 35 U.S.C. 102(e) as being 
anticipated by U.S. Patent No. 6,754,831 B2, hereinafter referred to as Brownell . 



As to claim 1, Brownell teaches a method of providing access (see column 4, lines 30- 
31) to a server inside a firewall (see figxire 3; see colimm 13, lines 30-34) having an IP 
address (see column 7, lines 61-63) comprising the steps of: 

receiving at a first proxy outside the firewall (see figure 3, where "a proxy" is read on 
"socket 367", shown outside the firewall) a connection request fi'om a client (see column 9, 



Application/Control Number: 09/495,799 Page 9 

Art Unit: 2165 

lines 32-42) that is also outside the firewall (see figure 3; where the cUent ["user 360"] is also 
outside the firewall), said first proxy having an IP address that is different fi-om the IP 
address of the firewall (see column 7, lines 61-63, where "different IP addresses" is read on 
"each associated with a network address such as an Internet Protocol ['IP'] address"); 

sending said connection request through said firewall, over a control channel (see figure 
3; "inside channel 343") previously established by a second proxy inside the firewall (see 
figure 3, where "a second proxy" is depicted inside the firewall as "Tunnel 341", connecting 
to the Internal Hosts; and see column 8, lines 54-57 and colvmm 9, lines 8-18); and 

authenticating the cHent (see column 4, lines 33-36; and see colunm 8, lines 42-51; and 
see column.) 

said second proxy authenticating the client (see column 9, lines 8-18, where "second 
proxy" is read on "Tunnel 341"); and 

said second proxy establishing a data connection with the first proxy, through the firewall 
(see figure 3; the connection through the firewall between the first proxy "socket 367" and 
the second proxy "Timnel 341"), through which the first proxy can forward requests of the 
cUent to the second proxy (see column 15, lines 37-47; and see colimin 18, lines 40-48.) 

As to claim 2, Brownell teaches the method fiirther comprising the step of receiving a 
requested resource at the second proxy fi"om the server inside the firewall and using the 
established connection between the second proxy and the client to forward the requested 
resource to the client (see figure 3; and see column 17, lines 17-21.) 
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As to claim 6, Brownell teaches wherein the data connection (see column 4, lines 41-46, 
where "data connection" is read on "a two-way data communication"; and see column 7, 
Unes 9-12) uses a secure conraiunication protocol (see colunrn 10, Hnes 22-34; and see 
column 11, lines 6-52.) 

As to claim 8, Brownell teaches wherein the client is a browser (see column 7, lines 65- 
67) and the server is a Web server (see column 17, lines56-69.) 

As to claim 9, Brownell teaches wherein the client is authenticated using a password 
mechanism (see colxinin 10, lines 57-64, where "password" is read on "passphrase".) 

As to claim 10, Brownell teaches wherein the client is authenticated using a onetime 
password mechanism (see column 10, line 65 through column 11, line 5, where "one time 
password mechanism" is read on "challenge/response authentication".) 

As to claim 14, Brownell teaches the method further comprising the step of receiving at 
the second proxy, in response to the request for a resource from the second proxy, the 
requested resource from the server inside the and using the established connection between 
the second proxy and the client to forward the requested resource to the client (see figure 3; 
and see column 17, lines 17-21.) 
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As to claim 15, Browneli teaches the method further comprising the step of receiving 
from the first proxy, at the second proxy, a request for a resource of the server (see column 9, 
lines 43-53; and see column 15, lines 52-60.) 

As to claim 17, Browneli teaches wherein the client is authenticated via said control 
channel (see column 10, lines 32-34, where "control channel" is read on "login channel") 
using a password mechanism (see column 10, Unes 57-64, where "password" is read on 
"passphrase".) 

As to claim 18, Browneli teaches wherein the control channel is maintained by sending a 
command that requests a response, over the control channel, at intervals that insure a silent 
period of no more than a pre-selected value (see column 11, line 53 through column 12, line 
7, where "intervals that ensure a silent period" is read on "laps of a period of time in which 
there is no connection associated with an active session".) 



Claim Rejections - 35 USC § 103 
16. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that said subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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17. Claims 3-5, 7, 11-12, 16, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Brownell in view of Smith et al (U.S. Patent No. 6,578,078 Bl, hereinafter referred to 
as Smith .) 

As to claim 3, Browpell does not explicitly teach wherein the resource is a document 
containing hyperlinks to other resources (although he teaches displaying "web pages" in 
column 7, lines 64-67, which contain hyperlinks to other documents.) 

However, Smith teaches a method of preserving referential integrity within web sites 
(see colunrn 10, lines 9-24), in which he teaches the resource is a document containing 
hyperlinks to other resources (see figure 8; and see column 10, line 25 through column 11, 
line 13.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell by the teaching of Smith, because 
including document containing hyperlinks to other resources would enable the user to 
browse/view other documents referenced in the resoiu"ce (main document) without knowing 
(or having to manually type in) the URL address of the referenced documents. Smith 
teaches reaching nested pages of a travel category by "clicking on the pictxire icon or one of 
the text blocks, both of which are associated with one of the hyperlinks" (see colunm 10, 
lines 42-47.) 



As to claim 4, Brownell as modified, teaches a second proxy (see Brownell figure 3; 
Tunnel 341.) 
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Brownell as modified still does not teach translating the hyperlinks in the docimient into 
references. 

Smith further teaches translating the hyperlinks in the document into references (see 
column 13, lines 30-50, where "translating the hyperlinks into references" is read on 
"updating the hyperlink to the new URL"; and see colunm 15, lines 27-34 and colimin 18, 
lines 18-39.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell as modified, by the fiirther teaching 
of Smith , because translating the hyperlinks in the document into references, would enable 
the system to redirect the user to the correct web pages in cases that the address of the desired 
page has changed or if the desired document is moved to another server. Smith teaches, "a 
decision block 54 determines if the URL has been redirected. In addition to the URL stub 
file, there is additional redirection information that is part of the database, as discussed 
below. If the URL has been redirected, then the web site server sends the referring server a 
message that includes the new URL for the link so that the hyperlinks on the referring server 
may be updated in a block 56" (see column 15, lines 22-34.) 



As to claim 5, Brownell as modified teaches wherein the document is a Web page (see 
Brownell, column 7, lines 64-67; and see Smith column 10, lines 9-24, and see "homepage 
300" in column 10, line 42.) 
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As to claim 7, Brownell as modified, teaches wherein the secure communication protocol 
is SSL (see Brownell column 10, lines 22-34; and see column 11, lines 6-52.) 

As to claim 11, Brownell teaches a method of providing a client access (see Abstract) to 
a resource stored behind a firewall (see figure 3, where "resource" resides on the internal host 
which is behind the firewall; and see column 13, lines 30-34) comprising: 

a proxy enabled to access resources behind the firewall (see figure 3, where "proxy" is 
read on "Tunnel 341); and 

transmitting the resource to the cHent (see figure 3; see column 16, lines 49-52; and see 
column 17, lines 17-21.) 

Brownell does not explicitly teach: 

parsing the resource for hyperlinks to other resources; 

rewriting the hyperiinks to point to a proxy enabled to access resources; and 

transmitting the resource with the re-written hyperlink. 

However, Smith teaches a method of preserving referential integrity within web sites 
(see column 10, lines 9-24), in which he teaches parsing the resource for hyperlinks to other 
resources (see column 11, lines 48-63 and see column 17, lines 10-20); rewriting the 
hyperlinks to point to a proxy enabled to access resources (see column 12, lines 57-67, where 
"rewriting" is read on "updating"; see also column 14, lines 8-17 and colunm 15, lines 15- 
22); and transmitting the resource with the re-written hyperlink (see column 13, lines 30-50; 
and see colunm 15, lines 23-51.) 
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Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell by the teachings of Smith, because 
including the above would enable the user to obtain the desired resource (document) even in 
the event that the location of the desired document has been changed. The "re-directing" of 
URLs ensure appropriate search results to the users and while it can remain transparent to the 
user, it can also serve as means to alert the users that the location of their desired document 
has been changed. As taught by Smith, depending on the types of redirection (rewriting or 
updating) of the URLs, "The redirection page contains a. URL stub file that automatically 
redirects the browser to the new URL, without requiring the user to perform any steps. 
Optionally, the stub file can cause the browser to display a message indicating that "This 
page has been moved," along with updating the hyperUnk to the new URL. The message can 
be displayed for a predetermined period of time before loading the page fi-om the new 
location referenced by the updated URL. In the case of automatic redirection, a user 
accessing the document on the web site will be unaware that the URL has changed, except 
that the new URL will replace the previous URL on the location bar in the browser as the 
new location is being accessed to load the document" (column 13, lines 37-50.) 

As to claim 12, Brownell as modified teaches wherein the resource is a Web page (see 
Brownell column 7, lines 64-67; and see Smith column 10, lines 9-24, and see "homepage 
300" in column 10, line 42.) 
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As to claim 16, Browneil does not explicitly teach: 
wherein the connection request comprises a URL; 

translating the URL to a URL that corresponds to a URL of a server inside the firewall; 

and 

establishing a connection with the URL. 

Smith teaches wherein the connection request comprises a URL (see column 11, lines 
48-63 and see column 12, lines 36-47); translating the URL to a URL that corresponds to a 
URL of a server inside the firewall (see column 13, lines 30-50, where "translating the URL" 
is read on "updating the hyperlink to the new URL"; and see colunm 15, lines 27-34 and 
column 18, lines 18-39); and establishing a connection with said URL (see column 12, lines 
47-56; the connection is made when the user clicks on the new URL.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Browneil as modified, by the teachings of 
Smith , because including wherein the connection request comprises a URL; translating the 
URL to a URL that corresponds to a URL of a server inside the firewall; and establishing a 
connection with the URL, would enable the user to retrieve a desired web page or document 
by redirecting the user to the correct web pages in cases that the address of the desired page 
has changed or if the desired docimient is moved to another server. Smith teaches, "a 
decision block 54 determines if the URL has been redirected. In addition to the URL stub 
file, there is additional redirection information that is part of the database, as discussed 
below. If the URL has been redirected, then the web site server sends the referring server a 
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message that includes the new URL for the link so that the hyperlinks on the referring server 
may be updated in a block 56" (see column 15, lines 22-34.) 

As to claim 23, Brownell teaches a method (see column 5, lines 40-51 and see figure 3) 
of a user (figure 3, "user" 360) at a host on an outside side (figure 3, "external host" 350) of a 
firewall (figure 3, "firewall" 330) obtaining web pages (see column 7, lines 64-67) fi-om a 
server on an inside side of said firewall (figure 3, "internal hosts" 310 and 312) comprising 
the steps of: 

receiving at a first proxy outside the firewall (see figure 3, where "a proxy" is read on 
"socket 367", shown outside the firewall) that is adapted to serve as an interface (see figure 
3, where socket 367 is connected [interfaces]) between servers of said inside side (see figure 
3, "internal hosts" 310 and 312) of said firewall (see figure 3, "firewall" 330) and hosts on 
said outside side of said firewall (see figure 3, "extemal host" 350) a connection request from 
said user (see column 9, lines 32-42) employing a secure communication protocol (see figure 
3; where the "firewall" 330 secures the communication; and see column 10, lines 22-34 in 
view of figure 4); 

sending said connection request through said firewall, over a control channel (see figure 
3; "inside channel 343") previously established by a second proxy on said inside side of said 
firewall (see figure 3, where "a second proxy" is depicted inside the firewall as "Tunnel 
341", connecting to the Internal Hosts; and see column 8, lines 54-57 and column 9, lines 8- 
18); and 
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authenticating the client (see column 4, hnes 33-36; and see column 8, lines 42-51; and 
see column .) 

said second proxy authenticating the user (see column 9, lines 8-18, where "second 
proxy" is read on "Tunnel 341"); and 

said second proxy establishing a data connection with said first proxy, through said 
firewall (see figure 3; the connection through the firewall between the first proxy "socket 
367" and the second proxy "Tunnel 341"), through which the first proxy can forward 
requests of said user to said second proxy (see column 15, lines 37-47; and see column 18, 
lines 40-48.) 

Brownell does not explicitly teach said user obtaining web pages from said server by 
directing requests to IP address of said first proxy. 

However, Smith teaches a method of preserving referential integrity within web sites 
(see column 10, lines 9-24), in which he teaches teach said user obtaining web pages from 
said server (see column 8, lines 12-18) by directing requests to IP address of said first proxy 
(see column 14, line 48 through colimm 15, line 14.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell by the teaching of Smith, because 
including said user obtaining web pages fi'om said server by directing requests to IP address 
of said first proxy would enable the user to expand his secured searching capabilities by 
accessing and retrieving docimients and pages on the Internet by directing an http request to 
an IP address of a proxy that is securely connected to the servers inside firewalls. 
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18. Claim 13 is rejected imder 35 U.S.C. 103(a) as being unpatentable over Brownell in view of 
Smith, as applied to claim 1 1 above, and further in view of Flvnn et al (U.S. Patent No, 
6,567,918 Bl, hereinafter referred to as Flvnn .) 

As to claim 13, Brownell as modified teaches rewritten hyperlinks (see Smith, column 
12, lines 57-67, where "rewriting" is read on "updating"; see also colunm 14, lines 8-17 and 
column 15, lines 15-22.) 

Brownell as modified, still does not explicitly teach wherein the rewritten hyperlinks also 
comprise security information. 

Flvnn teaches a method of security for saved web pages (see column 4, lines 64-66), in 
which he teaches wherein the rewritten hyperlinks also comprise security information (see 
column 3, lines 37-57; and see column 11, lines 18-40.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell as modified, by the teaching of 
Flvnn, because including wherein the rewritten hyperlinks also comprise security 
information, would enable the system to "re-establish a security context for the saved Web 
page", as taught by Flvnn (column 11, lines 18-40.) For example, if a web page or document 
is stored with high security due to contents, etc., and late, the page or document is 
reclassified based on its revised contents, and moved to a server requiring lower security, the 
re-direction of its URL would contain the lower security information, pointing the user to the 
server on which the page or docimient is now stored (or vise versa.) 
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19. Claims 19-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Brownell in 
view of Smith, as applied to claim 1 above, and further in view of Crichton et al (U.S. patent 
No. 6,104,716, hereinafter referred to as Crichton .) 

As to claim 19, Brownell does not teach wherein the control channel is adapted to carry a 
limited number of different messages. 

Crichton teaches a secured communication tunneling (see column 2, lines 19-22) in 
which he teaches wherein the control channel is adapted to carry a limited number of 
different messages (see column 6, line 40 through column 8, line 52.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell by the teachings of Crichton, 
because including wherein the control channel is adapted to carry a limited number of 
different messages, would define the rules of communications between the intemal and 
external proxies associated with a firewall and would enable the system to perform docimient 
access and retrievals fi-om servers secured by firewalls (see Crichton , colimm 6, lines 39- 
47.) 

As to claim 20, Brownell does not teach wherein the control channel is adapted to carry 
messages from a set that consists of: 

a message sent by the second proxy to establish the control channel, 

a message sent by the first proxy to request establishment of the data connection, 

a hailing message that expects a reply, and 
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a reply message that acknowledges the hailing message. 
Crichton teaches: 

a message sent by the second proxy to establish the control channel (see colunm 6, line 
63 through column 7, line 5), a message sent by the first proxy to request establishment of 
the data connection (see column 7, lines 6-9), a hailing message that expects a reply (see 
column 7, lines 10-28), and a reply message that acknowledges the hailing message (see 
column 7, lines 29-34.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell by the teachings of Crichton, 
because doing so would ensxire establishing a secured connection and the notification that the 
connection has been successfiiUy made between the user and the internal host, so that the 
user can attempt to retrieve desired documents fi"om the secured internal host. 

As to claim 21, Brownell does not teach the step of establishing the data connection 
being followed by a step of the second proxy sending a message to the first proxy, over the 
data connection, to inform the first proxy of the establishment of the data connection. 

Crichton teaches the step of establishing the data connection being followed by a step of 
the second proxy sending a message to the first proxy, over the data connection, to inform the 
first proxy of the estabUshment of the data connection (see column 7, lines 10-14, and see 
column 8, lines 24-52.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell by the teachings of Crichton , 
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because doing so would notify the user associated with the first proxy to know that a 
successful and secure connection is in place so that the user can begin retrieving/accessing 
the desired web pages and/or documents fi-om the host. 

As to claim 22, Brownell does not teach wherein the control chaimel is maintained by 
periodically one of the proxies sending a command that requests a response fi-om the other 
one of the proxies. 

Crichton teaches wherein the control channel is maintained by periodically one of the 
proxies sending a command that requests a response firom the other one of the proxies (see 
column 6, line 62 through column 7, line 9 and see column 7, lines 10-19.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Brownell by the teachings of Crichton, 
because by maintaining the control channel, the communication link stays "alive", during 
which time, the user has continuous access to the intemal host behind the firewall and can 
pause and resume retrieving or viewing documents or web pages without being disconnected 
and having to log back into the secured network. 

Response to Arguments 
20. Applicants* arguments filed on 22-June-2005 with respect to the rejected claims in view of 
the cited references have been fully considered but they are either moot in view of the new 
groimds for rejection, or they are not deemed persuasive, as follows: 
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The Applicants' arguments regarding the effective date of the pre-grant publication 
previously used in rejecting the claims have been fully considered. The Examiner 
respectfully disagrees with the Applicant's statement that, "as long as the Brownell et al 
application has not issued as a patent, it effective date in the date of publication", because the 
Examiner's qualification for this prior art was based on the 102(e) priority date. However, 
the Applicant's argument is now moot in view of the new grounds of rejection by the 
Examiner, using the "issued patent" of the same application to Brownell 

The Applicants argue that "the claims are not obvious in view of the cited references" 
and discusses Brownell, Crichton, and Malcohn references in view of the previous rejection. 
The Examiner's new groxmds of rejection presented in this Office Action no longer relies on 
the Malcohn as a reference and uses Crichton in a limited way to reject some of the 
dependent claim limitations. 

The Applicants state that, "amended claim 1 specifies a firewall that has an IP address. 
In contradiction, the firewall of Brownell is not described to have an IP address." The 
Examiner respectfully disagrees with the Applicant's remarks on Brownell, The Examiner 
directs the Applicant's attention to Brownell, column 7, lines 61-63, where Brownell states, 
" Firewall 330. host 310, host 312, host 314, host 316, and external host 350 are each 
associated with a network address, such as an Intemet Protocol ("IP") address ". 
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The Applicants further argue that, "according to amended claim 1, a connection request is 
received by a first proxy, and NOT by the firewall. In contradiction, in the Brownell 
reference (a) there is no proxy, and (b) the connection request fi-om an outside-the-firewall 
host is received by the firewall itself." The Examiner respectfiiUy disagrees with the 
Applicants' remarks made above. Brownell teaches "proxies" in "socket factory" and 
"sockets" which receive the user's request for a connection and forward it to the firewall 
(figure 3, "socket" 361 receives the "user" 360 request and passes it to the "firewall" 330 on 
"port" 443. Therefore, it is established that not only does Brownell teach a user-side proxy, 
he also teaches the connection request being made by the user ("socket 361") through the 
"login channel" 342. 

The Applicants fiirther argue that, "according to amended claim 1, the message that is 
received is received by the first proxy that has an IP address that is different fi'om the IP 
address of the firewall. In contradiction, in the Brownell reference there is no notion of a 
separate IP address of a proxy." Again, the Examiner respectfully disagrees. The concept of 
different IP addresses was discussed above in establishing that each of the entities, including 
the firewall, are associated with a network address, in view of the Brownell and the reference 
made to column 7, lines 61-63. 

The Applicants argue that, "according to claim 1 a second proxy is authenticating the 
user AND that second proxy also establishes a data connection 'through said firewall, 
through which said first proxy can forward requests of said client to said second proxy.' In 
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other words, a series connection is established that comprises a first proxy, the firewall, and a 
second proxy. The Brownell reference, in contradiction, teaches that other hosts on the 
inside of the firewall participate in the authentication process, but there is no second proxy 
described that performs the authentication process, and there is no series connection as 
specified in amended claim 1." The above arguments are fiilly considered but are not 
deemed persuasive. 

Firstly, Brownell teaches the "second prox/* in "Tunnel 341" (figure 3), which 
establishes a data connection to the "internal hosts" (references 310, 312 on figure 3). The 
instant appUcation teaches a single proxy (depicted as Proxy 200 in figures 1 and 2) which 
features two "sockets" or "ports", acting as, or serving as a first proxy and a second proxy, as 
shown in figure 1 with references 201 and 202. Similarly, the Brownell references teaches "a 
first proxy" as "socket 361" connecting with the firewall at "port 443", while "a second 
proxy" is shown as the "Tunnel 341" connecting the firewall to the "external hosts". 

Secondly, "a series connection is established that comprises a first proxy, the firewall, 
and a second proxy" is not recited in the rejected claim. Although the claims are interpreted 
in Hght of the specification, limitations fi'om the specification are not read into the claims. 
See//i re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Nonetheless, 
Brownell clearly teaches this connection, as depicted in figure 3 ("external hosts" 310, 312), 
connected to the "firewall" 330 through "Tunnel" 341, or via the "inside channel" 343, which 
are connected on the other side of "firewall" 330 to "external host" 350 and "user" 360" via 
"pre-auth Channel" 340 as well as "login channel" 342, which are connected to the user via 
"sockets" 367 and 361. 
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The Applicants' arguments made in view of the Crichton reference previously used to 
teach the "second proxy" are moot in view of the Examiner's reliance on Brownell for the 
teachings of both proxies. 

Applicants' arguments made regarding claims 4 and 16 and also claims 1 1-13 in view of 
the previous prior art references are moot in view of the Examiner's new grounds of rejection 
for these claims. 



21. Any inquiries concerning this communication or earlier communications from the examiner 
should be directed to Tony Mahmoudi whose telephone number is (571) 272-4078. The 
examiner can normally be reached on Mondays-Fridays from 08:00 am to 04:30 pm. 

If attempts to reach the examiner by telephone are imsuccessfiil, the examiner's 
supervisor, Jeffrey Gaffin, can be reached at (571) 272-4146. 



Conclusion 
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